Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape

Subject:

From:

David Stanaway <david AT stanaway DOT net>

To:

VERITAS-BU AT MAILMAN.ENG.AUBURN DOT EDU

Date:

Tue, 29 Nov 2011 22:05:15 -0600

On 11/29/2011 12:59 AM, novice123 wrote:
> Dear All,
>
> During a risk assessment exercise, I realized that my backup admin does not 
> encrypt data in backup tapes. He argues, it is not required as an adversary 
> cannot recover/read data from the backup tape, assuming its stolen, if he 
> does not have the corresponding catalog. He further adds that catalog is kept 
> secure. We are using Veritas netbackup 6.5. I am unfamiliar with the 
> technology, hence would want to know the following:
>
> a) If catalogs are secure, why should the software have a feature for 
> encrypting data in the backup tape?

You can always import images from a tape. Takes a while. Its also 
extractable even without NBU involved, esp if not multiplexed.  This 
isn't true.

I encrypt my backups AND catalogs. (Just make sure you have hard copy of 
KMS keys in the safe). LTO4 hardware encyption isn't too much of a 
performance hit for the piece of mind.

>
> b) If the argument is invalid, how can an adversary read/recover the data 
> from the stolen backup tapes, even if he does not have the catalog. Please 
> help in articulating the risk.
>

mt to position to each file, then tar.

or if you have NBU, import the tape.
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[Veritas-bu] Starting a job from command line, rhugga

Next by Date:

Re: [Veritas-bu] Why System State, George Winter

Previous by Thread:

Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape, Robyn Hirano

Next by Thread:

[Veritas-bu] SQL file stats not correct, Jim Caldwell

Indexes:

[Date] [Thread] [Top] [All Lists]